Platform: wordpress
Component: simple-link-directory
Fixed in: 8.8.4
CVE-2025-67465 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in QuantumCloud Simple Link Directory. This vulnerability allows an attacker to trick a user into performing actions they did not intend to, potentially leading to unauthorized modifications or deletions within the directory. The vulnerability impacts versions from 0.0.0 up to and including 8.8.3, and a patch is available in version 8.8.4.
A successful CSRF attack against Simple Link Directory could allow an attacker to modify directory entries, delete links, or perform other administrative actions as the logged-in user. The impact is directly proportional to the privileges of the user being targeted. For example, an administrator account could be compromised, granting the attacker full control over the directory and potentially the associated website. This could lead to data breaches, website defacement, or denial of service. While CSRF typically requires social engineering to trick a user into clicking a malicious link, automated attacks are also possible.
CVE-2025-67465 was publicly disclosed on December 9, 2025. There is no indication of active exploitation at this time, nor is it listed on the CISA KEV catalog. Public proof-of-concept (PoC) code is currently unavailable, but the nature of CSRF vulnerabilities makes it likely that a PoC will emerge following public disclosure.
Websites utilizing QuantumCloud Simple Link Directory, particularly those with administrative interfaces accessible to a wide range of users, are at risk. Shared hosting environments where multiple websites share the same server resources are also at increased risk, as a compromise of one website could potentially impact others.
• wordpress / composer / npm:
grep -r 'simple-link-directory/simple-link-directory' /var/www/html/
• generic web:
curl -I https://your-website.com/simple-link-directory/ | grep -i 'referer'
• wordpress / composer / npm:
wp plugin list | grep simple-link-directory
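The version check behind the commands above, as an added example that is not part of the original advisory or the plugin's code: it reads the Version header from a plugin directory and compares it with the fixed release 8.8.4 using version-aware ordering, so that a release such as 8.10.0 is not misread as older. The file name plugin-main.php, the sample headers and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: classify an installed Simple Link Directory copy against
# the fixed release named in the advisory. Requires a sort with -V support.
FIXED_VERSION="8.8.4"

# version_lt A B: succeeds when version A sorts strictly before version B.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# plugin_version DIR: print the "Version:" value from the WordPress plugin
# header found in the top-level PHP files of DIR (empty if none is found).
plugin_version() {
    grep -h -i -m 1 -E '^[[:space:]*#/]*Version:' "$1"/*.php 2>/dev/null |
        head -n 1 |
        sed -E 's/^[^:]*:[[:space:]]*//; s/[[:space:]]+$//'
}

# sld_status DIR: print "vulnerable <v>", "patched <v>" or "unknown".
sld_status() {
    v=$(plugin_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "vulnerable $v"
    else
        echo "patched $v"
    fi
}

# make_sample DIR VERSION: write a constructed plugin header for the demo.
# The file name and header text are sample data, not the real plugin's.
make_sample() {
    mkdir -p "$1"
    printf '<?php\n/**\n * Plugin Name: Simple Link Directory\n * Version: %s\n */\n' \
        "$2" > "$1/plugin-main.php"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir/old" "8.8.3"
make_sample "$demo_dir/new" "8.8.4"
echo "old copy: $(sld_status "$demo_dir/old")"
echo "new copy: $(sld_status "$demo_dir/new")"
rm -rf "$demo_dir"
```

On a real site, pass the plugin's directory under wp-content/plugins to sld_status instead of the constructed samples.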
Exploit Status
EPSS
0.02% (percentile 6%)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-67465 is to upgrade Simple Link Directory to version 8.8.4 or later, which contains the fix. If upgrading immediately is not feasible, consider implementing a Content Security Policy (CSP) to restrict the origins from which the directory can be loaded. Additionally, implement strict input validation and output encoding to prevent malicious scripts from being injected. Web Application Firewalls (WAFs) can be configured with CSRF protection rules to block suspicious requests. After upgrading, verify the fix by attempting to submit a request with a forged origin header and confirming that it is rejected.
Update to version 8.8.4, or a later fixed version
CVE-2025-67465 is a Cross-Site Request Forgery (CSRF) vulnerability affecting QuantumCloud Simple Link Directory versions 0.0.0–8.8.3, allowing attackers to perform unauthorized actions.
You are affected if you are using QuantumCloud Simple Link Directory versions 0.0.0 through 8.8.3. Upgrade to 8.8.4 to mitigate the risk.
Upgrade Simple Link Directory to version 8.8.4 or later. Consider implementing CSP and WAF rules as temporary mitigations.
There is currently no evidence of active exploitation, but the vulnerability's nature suggests potential for future attacks.
Refer to the QuantumCloud security advisory for details and further instructions.